Explore DevSecOps strategies in this conference talk from BSidesSF 2020. Learn how security teams can adapt to integrate security into DevOps practices, focusing on the "Three Ways" methodology. Discover practical steps to implement immediately, including improving deployment frequency, enhancing resilience, and accelerating time-to-market. Examine the role of security training, the importance of being outnumbered, and the transition from traditional waterfall approaches. Delve into topics such as asynchronous pipelines, faster feedback loops, negative and positive unit tests, and the concept of security champions. Gain insights on fostering teamwork, leveraging professional mentors, and accessing free resources to make security everyone's responsibility in the DevOps environment.
Overview
Syllabus
Introduction
Security is everybodys job
DevSecOps
Security in DevOps
What is AppSec
Other problems
Security training
Being outnumbered
Statistics
Waterfall
StepSetCops
DevOps
Improve Deployment Frequency
Resiliency
Faster timetomarket
Open Web Application Security Project
Three Ways of DevOps
Left to Right
Photo Slides
Asynchronous Pipeline
Be Creative
Faster Feedback
What does this mean for DevOps
Listen
Negative Unit Tests
Positive Unit Tests
What Else
Sharing information
Security exercises
Enabling DevSecOps
Teamwork
Security Champions
Resources
Professional Mentors
Free Content
Everyones Job
Taught by
Security BSides San Francisco
